Bug 1182326 (CVE-2021-20242)

Summary: VUL-0: CVE-2021-20242: ImageMagick: Division by zero in GenerateDifferentialNoise in MagickCore/gem.c
Product: [Novell Products] SUSE Security Incidents
Reporter: Gianluca Gabrielli <gianluca.gabrielli>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: smash_bz
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/277976/
Whiteboard: CVSSv3.1:SUSE:CVE-2021-20242:5.3:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Gianluca Gabrielli 2021-02-16 15:27:33 UTC
CVE-2021-20242

A flaw was found in ImageMagick in MagickCore/gem.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.10-62.

References:

https://github.com/ImageMagick/ImageMagick/pull/3192
https://bugzilla.redhat.com/show_bug.cgi?id=1928957
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20242
Comment 1 Gianluca Gabrielli 2021-02-16 15:40:53 UTC
This vulnerability was addressed in bnc#1181836 [0] (CVE-2021-20176).

The ImageMagick upstream maintainer merged 4103225 [1] in a0d7cbc [2], resulting in an empty merge. That's because the same changes were already applied by fbd9a96 [3] on the 7th of Jan. (as I explained here [4]).
So CVE-2021-20242 [5] addresses the same issue as CVE-2021-20176 [6].

[0] https://bugzilla.suse.com/show_bug.cgi?id=1181836
[1] https://github.com/ImageMagick/ImageMagick/commit/41032251f91b8509952f1a836487efd5b4ac212d
[2] https://github.com/ImageMagick/ImageMagick/commit/a0d7cbcfc66e1278eaa5c8c90472f98d936557c9
[3] https://github.com/ImageMagick/ImageMagick/commit/fbd9a963db1ae5551c45dc8af57db0abd7695774
[4] https://github.com/ImageMagick/ImageMagick/issues/3077#issuecomment-779805236
[5] https://access.redhat.com/security/cve/cve-2021-20242
[6] https://access.redhat.com/security/cve/cve-2021-20176
Comment 2 Petr Gajdos 2021-02-23 08:30:11 UTC
Thanks for the analysis; it follows from https://github.com/ImageMagick/ImageMagick/pull/3192 as well.

I dare to close as a duplicate of 1181836 then.

*** This bug has been marked as a duplicate of bug 1181836 ***